Application/Control Number: 10/508,991 Page 2 

Art Unit: 2617 

DETAILED ACTION 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-2,5, 7-8, 10-11 and 16-18 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Marley (7139556) in view over Lammi et al. (hereinafter 
Lammi) (WO 01/28273) and Siegel et al. (hereinafter Siegel) (US 2002/0143961). 

Regarding claim 1, Marley teaches a method of exchanging user-specific data 
("user's location", item F in Figure 2) from a mobile network to a service application of 
an external service provider ("ASP", item D in Figure 2), wherein certain user data is 
needed by the application for providing a requested service to a mobile user, the 
method comprising the following acts performed by a data control server of the mobile 
network (Figure 2): 

receiving a service request form the mobile user directed to the service 
application (item A in Figure 1 , Col. 1 , lines 36-38) 

generating a unique Application User Identification (AUID) random code which is 
assigned to a combination of the mobile user and the service application (" user tag ", 
the user tag comprises identification of user and identification of service provider, ol. 3, 
lines 40-47; "random multi-digit number", Col. 4, lines 47-48) 
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sending the service request and the assigned AUID code (" user tag ", Col. 3, line 
42) to the service application ("network N wishes to ask ASP1 for directions to or 
locations of the nearest pizza outlet", Col. 2, lines 56-59), 

receiving from the application a request for the user data of said mobile user 
("ASP will at step E request information about user's location from the network 
N", Col. 4, lines 1-4), 

allowing the service application to receive the requested user data if said 
assigned AUID code was included in the received user data request ("ASP will at step 
E request information about user's location from the network N, using the user 
tag as a means of relating this request "Col. 4, lines 1-4) 

retrieving the requested user data based on the received AUID code and sending 
the user data to the application ("the network responds to this request by providing 
the location of the user to ASP - that is by defining the geographical area in which 
the user is currently present. The network knows which user is concerned 
because it derives this information from the user tag ", Col. 4, lines 5-7). 

Marley did not teach specifically code which is assigned when the mobile user 
has not previously assessed the service application and to obtain the user data in 
conjunction with any subsequent service request from the mobile station. 

However, Lammi teaches in an analogous art a code which is assigned when 
the mobile user has not previously assessed the service application and to obtain the 
user data in conjunction with any subsequent service request from the mobile station 
("the user identifier and the corresponding anonymous identifier are eliminated from the 
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data base after a predetermined time/(number of tries)", Page 5, lines 34-37 and Page 
6, lines 1-4 and therefore the ID's has to be created if they don't exist). Therefore, it 
would be obvious to one of ordinary skill in the art at the time of invention to use the 
code which is assigned when the mobile user has not previously assessed the service 
application and to obtain the user data in conjunction with any subsequent service 
request from the mobile station in order to reduce the work load of the network. 

The combinations of Marley and Lammi did teach specifically the method of 
checking in a permission table whether the service application is allowed to receive the 
requested user data, said permission table specifying a plurality of individual service 
applications and a type of data each individual application is allowed to receive and 
allowing the service application to receive the requested user data if the service 
application is allowed to receive the user data according to the permission table. 
However, Siegel teaches in an analogous art the method of checking in a permission 
table whether the service application is allowed to receive the requested user data, said 
permission table specifying a plurality of individual service applications and a type of 
data each individual application is allowed to receive and allowing the service 
application to receive the requested user data if the service application is allowed to 
receive the user data according to the permission table (Paragraph [0032-0033, 0035]). 
Therefore, it would be obvious to one of ordinary skill in the art at the time of invention 
to use the method of checking in a permission table whether the service application is 
allowed to receive the requested user data, said permission table specifying a plurality 
of individual service applications and a type of data each individual application is 
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allowed to receive and allowing the service application to receive the requested user 
data if the service application is allowed to receive the user data according to the 
permission table in order to restrict access to private data. 

Regarding claim 2, Marley teaches a method, wherein the AUID code is 

generated in response to receiving the service request from the mobile user (Col. 3, 

lines 35-42). 

Regarding claim 5, Lammi further teaches the method, wherein the AUID code is 
used by the application for attributing the retrieved user data sent, to the said service 
upon subsequent access of the mobile user to the same service (Page 6, lines 1-4). 

Regarding claim 7, Siegel teaches a method wherein a permission table is 
maintained for a specific user or group of users ("permissions can be specified in terms 
of groups", Paragraph [0021]). 

Regarding claim 8, Siegel teaches a method, wherein an error message is sent 
to the service application if the service application is not allowed to retrieve the 
requested user data ("protocol describes getting and retrieving permissions as well as 
the specifications of what information is stored", Paragraph [0023, 0025]). 

Regarding claim 10, Marley/Lammi further teaches a method according to claim 
1 , further comprising determining whether a valid mobile user identity exists that 
corresponds to the received AUID code in order to check if the application is authorized 
(Marley: Col. 4, lines 8-9; Lammi: items 27-29 in Figure 2). 

Claim 11, 18 are rejected for the same reason as set forth in claim 1 . 
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Regarding claim 16, Lammi teaches a server according to claim 1 1 , further 
comprising a mobile network interface for receiving service requests from mobile users, 
and for retrieving user data ("service gateway"; items 14 in Figure 1). 

Regarding claim 17, Siegel teaches a method an external provider interface for 
receiving requests for user data from service applications, and for responding with 
either the requested data or an appropriate error message ("protocol describes 
getting and retrieving permissions as well as the specifications of what information is 
stored", Paragraph [0023,0025]). 

Claims 3,4,13 and 14 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Marley (7139556) in view over Lammi et al. (hereinafter Lammi) (WO 
01/28273), Siegel et al. (hereinafter Siegel) (US 2002/0143961) and further in view 
over Krishnamoorthy (US 2003/0115201). 

Regarding claim 3, the combination of Marley, Lammi and Siegel teaches all the 
particulars of the claim except wherein the AUID code is stored in a translation table 
together with a mobile user identity and an application identity. However, 
Krishnamoorthy teaches in an analogous art wherein the AUID code is stored in a 
translation table together with a mobile user identity and an application identity 
(Paragraph [0042]). Therefore, it would be obvious to one of ordinary skill in the art at 
the time of invention to have the AUID code is stored in a translation table together with 
a mobile user identity and an application identity. This modification is a design choice, 
since it is up to the data base manager to have all the information in one table or in 
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multiple tables from a single or multiple database located in a single or multiple 
devices. 

Regarding claim 4, Lammi further teaches a method, wherein the mobile user 
identity is obtained from the translation table based on the received AUID code, for 
retrieving the requested user data from a user database in which user-specific data is 
stored for mobile users being registered in the mobile network (Abstract; "identification 
database"; item 13 in Figure 1). 

Claim 13 is rejected for the same reason as set forth in claim 3. 

Regarding claim 14, Lammi teaches a server further comprising a translator for 
translating AUID codes into mobile user identities and vice versa by checking the 
translation table (Page. 8, lines 13-20; Page. 9, lines 5-10). 

Claims 9 and 15 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Marley (7139556) in view over Lammi et al. (hereinafter Lammi) (WO 
01/28273), Siegel et al. (hereinafter Siegel) (US 2002/0143961) and Chung (US 
2003/0016823). 

Regarding claim 9, the combination of Marley, Lammi and Siegel teaches all the 
particulars of the claim except a method wherein new AUID codes are generated by 
dividing the decimal representation of a non-periodic irrational number into blocks of a 
certain length, wherein each block is used as an AUID code. However, Chung teaches 
in an analogous art, a method wherein new AUID codes are generated by dividing the 
decimal representation of a non-periodic irrational number into blocks of a certain 
length, wherein each block is used as an AUID code (Abstract; Figure 4, Paragraphs 
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[001 6-1 8]). Therefore, it would be obvious to one of ordinary skill in the art at the time 
of invention to use the method wherein new AUID codes are generated by dividing the 
decimal representation of a non-periodic irrational number into blocks of a certain 
length, wherein each block is used as an AUID code. This modification is useful for 
providing secure (cryptographic applications) communication. 

Claim 15 is rejected for the same reason as set forth in claim 9. 

Response to Arguments 
Applicant's arguments filed 6/16/2009 have been fully considered but they are 
not persuasive. 

Applicant argues that Moreley does not check whether the ASP is authorized to 
receive the requested location information. 

In response to applicant's arguments against the references individually, one 
cannot show nonobviousness by attacking references individually where the rejections 
are based on combinations of references. See In re Keller, 642 F.2d 413, 208 
USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 
1986). 

Siegel teaches (Paragraphs [0032-0033]) whether the APS is authorized to 
receive user related information. 

Applicant argues that the claimed feature of assigning an AUID code to a 
combination of the user and the service application when the user has not previously 
used the service application is not taught or suggested by Marley/Lammi combination. 

Examiner respectfully disagrees. 
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Marley teaches the claimed feature of assigning an AUID code to a combination 
of the user and the service application (user tag in col. 3, lines 40-47 is a combination of 
an identification of the user and the service application) and is being generated in 
response to the user's request. 

Lammi further teaches that the identifier's are eliminated from the database after 
a predetermined time/inquiries. Therefore, the identifier is being used for predetermined 
number of time or inquiries. 

Therefore, the identifier stored in the database is being used if it already exists 
and is being used for a predetermined number of time/inquiries and generated new if it 
does not exist. 

In view of the above the combination of Marley and Lammi teaches the limitation 
cited above. 

Applicant argues the claimed feature of allowing the service application to 
receive the requested user data if the AUID code was included in the request and if the 
service application is allowed according to the permission table cannot reasonably be 
derived from any properly combination of the applied documents. 

Marley teaches the claimed feature of allowing the service application to receive 
the requested user data if the AUID code was included in the request (the APS request 
information about the user's location from the network using the user tag, Col. 4, lines 1- 
4). Siegel teaches if the service application is allowed according to the permission table 
(permission table, paragraph [0032]). 
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In view of the above the combination of Marley and Lammi teaches the limitation 
cited above. 

Applicant argues that what is alleged in Siegel to be a permission table exists in 
a different context than that of Applicant's independent claims. Moreover, none of the 
applied references are directed to the problem solved by Applicant's (of protecting user 
data), but rather protecting the user's identity. 

Examiner respectfully disagrees. The permission table provides information 
regarding where the particular ID has permission access user data (Siegel, Paragraph 
[0033]). User's identity is also user data. 

In view of the above the combination of Marley and Lammi teaches the limitation 
cited above. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
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the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MUTHUSWAMY G. MANOHARAN whose telephone 
number is (571)272-5515. The examiner can normally be reached on 7:00AM-2:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Eng George can be reached on 571-272-7495. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Patrick N. Edouard/ 

Supervisory Patent Examiner, Art Unit 2617 



